Statements (21)
Predicate | Object |
---|---|
gptkbp:instance_of |
gptkb:Common_Weakness_Enumeration
|
gptkbp:category |
Improper Input Validation
|
gptkbp:consequences |
User redirection to a malicious site.
|
gptkbp:description |
A weakness that allows an attacker to redirect users to a malicious site.
|
gptkbp:difficulty_levels |
gptkb:medium
|
gptkbp:example |
Redirecting to a URL based on user input without validation.
|
gptkbp:has_enemies |
gptkb:Web
|
gptkbp:has_weakness |
gptkb:CWE-601
|
https://www.w3.org/2000/01/rdf-schema#label |
CWE-601
|
gptkbp:impact |
Phishing attacks
Malware distribution |
gptkbp:is_referenced_in |
gptkb:SANS_Top_25
gptkb:NIST_SP_800-53 gptkb:OWASP_Top_Ten |
gptkbp:name |
URL Redirection to Untrusted Site (' Open Redirect')
|
gptkbp:prevention |
Use a whitelist of allowed URLs
Validate redirect URLs |
gptkbp:related_to |
gptkb:CWE-601
gptkb:CWE-20 |
gptkbp:bfsParent |
gptkb:CWE-20
|
gptkbp:bfsLayer |
7
|